<br>On Friday, 6 November 2015, Major Hayden <<a href="mailto:major@mhtx.net">major@mhtx.net</a>> wrote:<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
At this moment, openstack-ansible-security[1] is feature complete and all of the Ansible tasks and documentation for the STIGs are merged. Exciting!</blockquote><div><br></div><div>Excellent work, thank you!</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I've done lots of work to ensure that the role uses sane defaults so that it can be applied to the majority of OpenStack deployments without disrupting services. It only supports Ubuntu 14.04 for now, but that's openstack-ansible's supported platform as well.</blockquote><div><br></div><div>We're on a trajectory to get other platforms supported too, so I think that work in this regards may as well get going. If there are parties interested in adding role support for Fedora, Gentoo and others then I'd say that it should be spec'd and can go ahead!</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I'd like to start by adding it to the gate-check-commit.sh script so that the security configurations are applied prior to running tempest.</blockquote><div><br></div><div>While I applaud the idea, changing the current commit integration test is probably not the best approach. We're in the middle of splitting the roles out into their own repositories and also extending the gate checks into multiple use-cases.</div><div><br></div><div>I think that the best option for now will be to add the implementation of the security role as an additional use-case. Depending on the results there we can figure out whether the role should be a default in all use cases.<span></span></div><br><br>-- <br><div dir="ltr"><div>Jesse Pretorius<br>mobile: +44 7586 906045<br>email: <a href="mailto:jesse.pretorius@gmail.com" target="_blank">jesse.pretorius@gmail.com</a><br>skype: jesse.pretorius</div></div><br>